jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix cors crash with malformed origin

Browse Source
This commit is contained in:
Girish Ramakrishnan
2016-07-07 16:42:08 -07:00
parent 5a6b5f945d
commit 3335936e35
2 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/middleware/cors.js
View File

@@ -20,6 +20,7 @@ module.exports = function cors(options) {
if (!requestOrigin) return next();
requestOrigin = url.parse(requestOrigin);
if (!requestOrigin.host) return res.status(405).send('CORS not allowed from this domain');
var hostname = requestOrigin.host.split(':')[0]; // remove any port
var originAllowed = origins.some(function (o) { return o === '*' || o === hostname; });